Federal prosecutors in Atlanta have indicted four North Korean nationals on charges of wire fraud and money laundering, alleging they orchestrated a scheme to steal approximately $1 million in virtual currency from blockchain companies in Atlanta and Serbia.
The indictment, which came from a federal grand jury in late June, is part of a broader crackdown by U.S. authorities on North Korea’s elaborate infiltration efforts into American businesses, aimed at raising funds to support the country’s weapons programs.
The Justice Department has revealed that similar operations involving remote IT workers from North Korea have been identified at over 100 businesses nationwide, including Fortune 500 companies.
In light of these developments, the FBI’s Atlanta office is urging tech firms to heighten their hiring scrutiny, particularly when considering remote IT positions filled by overseas candidates.
“North Korea dispatches operatives around the world to obtain remote IT jobs to generate revenue for the North Korean regime,” U.S. Attorney Theodore Hertzberg stated during a news conference in Atlanta.
According to the modus operandi prosecutors described, these workers frequently used fake or stolen identities to gain access to companies and ultimately pilfer funds; prosecutors characterized the effort as a “long-con.”
The four men charged—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—are believed to be part of a sophisticated network aimed at siphoning off resources from unsuspecting U.S. companies.
According to federal prosecutors, some of the stolen funds can be traced back to a blockchain research and development company known as Starter Labs, founded by entrepreneur Williams.
Williams claimed that he hired Kim as a software developer in late 2020, initially entrusting him with relatively minor tasks. Despite what he perceived to be a successful working relationship, Williams was unaware that his employee, known as “Pemba,” was actually a North Korean national.
Impressed by Kim’s work ethic, Williams eventually promoted him to Chief Technology Officer (CTO), granting him additional responsibilities, including the authority to hire other developers. This increase in trust inadvertently led to further involvement from Kim’s associates in the alleged thefts.
As the startup progressed, Kim was given access to the company’s funding pool and regularly facilitated large transfers of virtual currency without raising any alarms.
Williams recounted that he and his employees frequently shared personal stories and hobbies over video calls, but never met in person—an occurrence not unusual in the tech industry, where remote work is prevalent and anonymity often reigns.
“We were close. I trusted them,” he said, reflecting on the time spent with the team.
However, as time passed, Williams began noticing irregularities in his company’s finances, with initial losses amounting to $30,000 escalating to nearly $750,000.
When confronted by Williams, Kim denied any wrongdoing. But as Williams prepared to alert the FBI, the developers vanished without explanation.
“They slow-played me,” Williams said, expressing his newfound understanding of their systematic approach to the deception. “They knew exactly what they were doing.”
The FBI’s Special Agent in Charge for Atlanta, Paul Brown, emphasized the cautionary tale of companies that fell victim to such schemes, where North Korean nationals secured jobs using fraudulent credentials. These operatives gained employers’ trust only to exploit that confidence to steal valuable digital assets.
“As we have seen, those who take tech positions using disingenuous means ultimately aim to fund their regime,” Brown noted.
In response to this alarming trend, the Justice Department has taken measures to seize 29 financial accounts and 17 web domains that were allegedly employed to launder funds back to North Korea.
Law enforcement has also conducted searches across 29 locations suspected to house